Covid-19 and Cyber insurance

During this challenging time, we understand that many of you – and your employees – will now be using personal devices for work purposes, and you might be wondering what this means for your cyber insurance cover.
Generally speaking, you will be unaffected by this. There is no need to notify your insurer of this if:
any personal devices being used for work purposes have the same level of security as the company’s network. You may wish to check this with your IT or service provider if you are unsure. This includes personal devices being used to connect to cloud resources that were live prior to policy inception; or you and your employees are connecting to company IT systems through secure remote access channels, such as a VPN (to connect to corporate services such as remote desktop, email or file servers), or to SaaS resources (i.e. Gsuite or Office 365), that were established prior to policy inception. If a larger percentage of your clients workforce is now connecting via such channels, there is still no need to notify us, so long as the same security standards apply.
Where this is not the case, please notify us of changes to your situation, and where possible take the steps necessary to ensure that personal devices being used for work purposes benefit from the same level of security as the corporate network.

You will also need to notify us if you or your employees are handling or processing payment card information (PCI data) while working remotely – whether this is on a personal or a work device.

More information on secure home-working can be found in the guidance produced by NCSC, the UK Government’s National Cyber Security Centre: Home working
Thanks to the continued support from our insurer partners during these challenging times